
Re: XML-* [was: ... XML subsetting...]

From: Tim Bray <tbray@textuality.com>
Date: Thu, 05 Dec 2002 15:39:39 -0800
Message-ID: <3DEFE3BB.7020100@textuality.com>
To: jeremy@dunck.us
Cc: pgrosso@arbortext.com, www-tag@w3.org

Jeremy Dunck wrote:

> Lastly, am I correct in my understanding that the DoS through entity 
> expansion is only possible when external subsets are used, and when that 
> referenced subset is compromised?  That is, how can the DoS happen if 
> only trusted resources are used as external subsets?

You're not correct.  The billion laughs works just fine with only an 
internal subset.

Your notion about retaining entities but controlling their recursive 
expansion is plausible and has come up a couple of times now.  Hmm -Tim
Received on Thursday, 5 December 2002 18:39:41 GMT
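
The two points in the message above (expansion that needs only an internal subset, and keeping entities while bounding their expansion), as an added example that is not part of the original post or of any parser: it computes each entity's fully expanded length from the declarations alone and rejects the document before any expansion happens. The names `expanded_sizes`, `limit` and `SAMPLE` are assumptions, and the regex handles only quoted internal general entities, not parameter or external ones.

```python
import re

# Internal general entity declarations only: <!ENTITY name "value">
ENTITY_DECL = re.compile(r'<!ENTITY\s+([\w.-]+)\s+(["\'])(.*?)\2\s*>', re.S)
ENTITY_REF = re.compile(r'&([\w.-]+);')  # &#NN; char refs are left as literal text
PREDEFINED = {"lt", "gt", "amp", "apos", "quot"}  # each expands to one character

class ExpansionLimitExceeded(Exception):
    pass

def expanded_sizes(doctype_text, limit):
    """Return {entity: expanded length} without building any expansion.
    Raises if an entity is recursive or would exceed `limit` characters."""
    decls = {}
    for name, _quote, value in ENTITY_DECL.findall(doctype_text):
        decls.setdefault(name, value)  # in XML the first declaration is binding
    sizes, in_progress = {}, set()

    def size_of(name):
        if name in PREDEFINED:
            return 1
        if name in sizes:
            return sizes[name]  # memoised: each entity is measured once
        if name not in decls:
            raise ValueError(f"undeclared entity: {name}")
        if name in in_progress:
            raise ExpansionLimitExceeded(f"recursive entity: {name}")
        in_progress.add(name)
        value = decls[name]
        literal = len(ENTITY_REF.sub("", value))
        total = literal + sum(size_of(r) for r in ENTITY_REF.findall(value))
        in_progress.discard(name)
        if total > limit:
            raise ExpansionLimitExceeded(f"{name} expands to {total} > {limit}")
        sizes[name] = total
        return total

    for name in decls:
        size_of(name)
    return sizes

# Constructed sample: internal subset only, four nested levels of ten references.
SAMPLE = ('<!DOCTYPE r [<!ENTITY e0 "lol">'
          + "".join('<!ENTITY e%d "%s">' % (i, ("&e%d;" % (i - 1)) * 10)
                    for i in range(1, 4))
          + ']><r>&e3;</r>')

if __name__ == "__main__":
    print(len(SAMPLE), "bytes of input ->", expanded_sizes(SAMPLE, 10_000))
```

Each extra nesting level multiplies the result by ten while adding only one short declaration, which is why the check has to run on computed sizes rather than on input length.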
